Event ID 552
Got a question, I keep seeing 2 accounts from 1am to 3am with the following info in the security of the event viewer. My question is what exactly is this?
The user is "SYSTEM"
Computer = "servername"
Event Details: Logon attempt using explicit credentials.
Logged on user:
Username: SERVERNAME$
Domain: MYDOMAIN
LogonID: (0x0, 0x3E7)
User whose credentials were used:
Target user name: first.last
Target domain: mydomain
Target Logon GUID: {a very big number}
Target server name: localhost
target server info: localhost
caller process ID: 2464
Source network addr: 206.51.26.74
Source port: 56055
So, is this someone who has hacked and got access to the first.last account? The people I work with won't allow us to require complex passwords at all.
Thanks
The user is "SYSTEM"
Computer = "servername"
Event Details: Logon attempt using explicit credentials.
Logged on user:
Username: SERVERNAME$
Domain: MYDOMAIN
LogonID: (0x0, 0x3E7)
User whose credentials were used:
Target user name: first.last
Target domain: mydomain
Target Logon GUID: {a very big number}
Target server name: localhost
target server info: localhost
caller process ID: 2464
Source network addr: 206.51.26.74
Source port: 56055
So, is this someone who has hacked and got access to the first.last account? The people I work with won't allow us to require complex passwords at all.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yeah, this is fine then. Its just Blackberry calls into the store.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everybody :)
Kevin
Kevin
ASKER
right next to this is the system (user) with the following privileges assigned to the new login.
SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivile
SeLoadDriverPrivilege
SeImpersonatePrivilege
Kevin